Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for protecting content in a computing device, the method comprising: encrypting content objects using a plurality of file encryption keys; encrypting said file encryption keys using a master encryption key; installing said master encryption key in a first memory; using said master key to decrypt the file encryption keys, and to install the file encryption keys in the first memory; detecting inactivity related to a computing device; upon detecting inactivity: removing said master encryption key from said first memory and selectively removing at least one file encryption key from the plurality of the file encryption keys; generating a temporary master key and a new file key for a new content object; encrypting the new content object using the new file key and encrypting the new file key by the temporary master key; and upon receiving input from an authenticated user, decrypting the new file key using the temporary master key, generating a new master key usable for encrypting and decrypting said new file encryption key, and installing said new master key in said first memory.
2. The method of claim 1, comprising removing decrypted information from a second memory, said second memory storing decrypted information related to said at least one encrypted content object.
3. The method of claim 2, wherein said second memory is part of a cache memory.
4. The method of claim 2, wherein said second memory is operatively connected to one of: said computing device and a remote computing device.
5. The method of claim 1, comprising selectively suspending at least one process executing on one of said computing device and a remote computing device.
6. The method of claim 5, comprising suspending processes that have accessed said at least one encrypted content object.
7. The method of claim 5, comprising suspending processes that possess a reference related to information included in said encrypted content object.
8. The method of claim 1, comprising maintaining at least one file encryption key in said first memory to enable access to at least one encrypted content object.
9. The method of claim 1, wherein said at least one encrypted content object is stored on a storage device operatively connected to one of: said computing device and a remote computing device.
10. The method of claim 1, wherein said inactivity is detected by detecting at least one of: an invocation of a predefined application, a predefined operational state of said computing device and an inactivity period of an input device.
11. The method of claim 1, wherein said input is received using a device selected from the group consisting of: a human interface device, a keyboard, a magnetic card swipe reader and a point and click device.
12. An article comprising a non-transitory computer-readable storage medium, having stored thereon instructions, that when executed on a computer, cause the computer to: encrypt content objects using a plurality of file encryption keys to produce an encrypted content object; encrypt said file encryption key using a master encryption key; install said master encryption key in a first memory; use said master key to decrypt the file encryption keys, and to install the file encryption keys in the first memory; detect inactivity related to an associated computing device; upon detecting inactivity: remove said master encryption key from said first memory and selectively remove at least one file encryption key from the plurality of the file encryption keys first memory; generate a temporary master key and a new file key for a new content object; encrypt the new content object using the new file key and encrypt the new file key by the temporary master key; and upon receiving input from an authenticated user, decrypt the new file key using the temporary master key, generate a new master key usable for encrypting and decrypting said new file encryption key, and install said new master key in said first memory.
13. The article of claim 12, wherein the instructions when executed result in: removing decrypted information from a second memory, said second memory storing decrypted information related to said encrypted content object.
14. The article of claim 12, wherein the instructions when executed result in selectively suspending at least one process executing on one of: said computer and a remote computing device.
15. The article of claim 14, wherein the instructions when executed result in suspending processes that have accessed said at least one encrypted content object.
16. The article of claim 14, wherein the instructions when executed result in suspending processes that possess a reference related to information included in said encrypted content object.
17. The article of claim 12, comprising maintaining at least one file encryption key in said first memory to enable access to at least one encrypted content object.
18. The article of claim 12, wherein said input is received using a device selected from the group consisting of: a human interface device, a keyboard, a magnetic card swipe reader and a point and click device.
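The key lifecycle recited in claims 1 and 8 (wrap file keys under a master key, evict keys on inactivity, wrap keys for objects created while locked under a temporary master key, re-wrap them under a new master key after authentication) can be modelled as follows. This is an added illustration, not code from the patent or its applicant. The class and method names, the `keep` parameter and the SHA-256 keystream with HMAC used in `seal`/`unseal` are assumptions standing in for a real authenticated cipher; how the original master key is restored after authentication is not recited in the claims and is not modelled.

```python
import hashlib, hmac, secrets

def _pad(key, nonce, n):
    # SHA-256 counter keystream: stdlib stand-in for a real cipher (assumption)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _pad(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _pad(key, nonce, len(ct))))

class KeyStore:
    def __init__(self):  # master/temp_master/feks model the claims' "first memory"
        self.master, self.temp_master, self.gen = secrets.token_bytes(32), None, 0
        self.feks = {}     # name -> plaintext file encryption key (FEK) in memory
        self.wrapped = {}  # name -> (wrapping-key label, wrapped FEK), as stored
        self.objects = {}  # name -> encrypted content object, as stored

    def create(self, name, content):
        fek = secrets.token_bytes(32)
        self.objects[name] = seal(fek, content)
        if self.master is not None:
            self.wrapped[name] = (f"master-{self.gen}", seal(self.master, fek))
            self.feks[name] = fek
        else:  # locked: the new file key is wrapped by the temporary master key
            self.wrapped[name] = ("temp", seal(self.temp_master, fek))

    def lock(self, keep=()):  # inactivity: drop master key, selectively drop FEKs
        self.master = None
        self.feks = {n: k for n, k in self.feks.items() if n in keep}
        self.temp_master = self.temp_master or secrets.token_bytes(32)

    def unlock(self):  # after authentication: re-wrap temp-wrapped FEKs
        self.master, self.gen = secrets.token_bytes(32), self.gen + 1
        for name, (label, blob) in list(self.wrapped.items()):
            if label == "temp":
                fek = self.feks[name] = unseal(self.temp_master, blob)
                self.wrapped[name] = (f"master-{self.gen}", seal(self.master, fek))
        self.temp_master = None

    def read(self, name):  # raises KeyError when the FEK has been evicted
        return unseal(self.feks[name], self.objects[name])
```

In this symmetric model the temporary master key stays in memory while the device is locked, so it only limits exposure to objects created during the lock; objects whose file keys were evicted stay unreadable until their keys are restored.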
May 19, 2015